Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 175504cd authored by Takuya Yoshikawa's avatar Takuya Yoshikawa Committed by Avi Kivity
Browse files

KVM: Take missing slots_lock for kvm_io_bus_unregister_dev() 



In KVM_CREATE_IRQCHIP, kvm_io_bus_unregister_dev() is called without taking
slots_lock in the error handling path.

Signed-off-by: default avatarTakuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
Signed-off-by: default avatarAvi Kivity <avi@redhat.com>
parent a355c85c

arch/ia64/kvm/kvm-ia64.c

+2 −0
Original line number Diff line number Diff line
@@ -951,7 +951,9 @@ long kvm_arch_vm_ioctl(struct file *filp, 
			goto out;

		r = kvm_setup_default_irq_routing(kvm);

		if (r) {

			mutex_lock(&kvm->slots_lock);

			kvm_ioapic_destroy(kvm);

			mutex_unlock(&kvm->slots_lock);

			goto out;

		}

		break;

arch/x86/kvm/x86.c

+4 −0
Original line number Diff line number Diff line
@@ -3309,8 +3309,10 @@ long kvm_arch_vm_ioctl(struct file *filp, 
		if (vpic) {

			r = kvm_ioapic_init(kvm);

			if (r) {

				mutex_lock(&kvm->slots_lock);

				kvm_io_bus_unregister_dev(kvm, KVM_PIO_BUS,

							  &vpic->dev);

				mutex_unlock(&kvm->slots_lock);

				kfree(vpic);

				goto create_irqchip_unlock;

			}
@@ -3321,10 +3323,12 @@ long kvm_arch_vm_ioctl(struct file *filp, 
		smp_wmb();

		r = kvm_setup_default_irq_routing(kvm);

		if (r) {

			mutex_lock(&kvm->slots_lock);

			mutex_lock(&kvm->irq_lock);

			kvm_ioapic_destroy(kvm);

			kvm_destroy_pic(kvm);

			mutex_unlock(&kvm->irq_lock);

			mutex_unlock(&kvm->slots_lock);

		}

	create_irqchip_unlock:

		mutex_unlock(&kvm->lock);